Encrypting Your Email Works, Says NSA Whistleblower Edward Snowden

In the “ask me anything” format made famous by Reddit, NSA whistleblower Edward Snowden returned to the Guardian’s website this morning to answer questions from the general public as part of a live event known as “AskSnowden.”

It was a fascinating exchange, and you can see the whole thing here — and we’ll have a rundown of the full event here soon. But there was one standout bit of good news from Snowden along with the disturbing details of the government’s surveillance of our web activity: Encryption works as a method to keep your personal data private.

A commenter named Mathius1 asked (typos included here), “Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption?”

Snowden responded:

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Snowden doesn’t add more details, but in general some examples of well-reputed third party crypto systems would be the Gnu Privacy Guard, or “GPG,” and the Pretty Good Privacy program, or “PGP.” And a number of messaging systems even built by companies that have been implicated as part of PRISM have end-to-end encryption, as Apple highlighted in its updated response to the NSA news:

“…we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.

For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.”

And while these protections are all relatively solid, Snowden makes a good point about endpoint security being a different beast. Here Snowden likely means that there are ways that the government can ultimately read your emails and messages even if they’re not able to intercept them along the way, by accessing them somehow at either end of the delivery process. A real-world analogy would be that even if the entire postal mail system up until a letter is delivered to you is completely impenetrable, someone can still snatch a letter out of your unlocked mailbox — or, say, read it over your shoulder once it’s in your hands.

All of this underscores a larger point being discussed lately, that having any real power to control your privacy may increasingly depend on how tech-savvy you are. The folks at Codecademy are seeing this as a lesson to help encourage more people to become digitally literate, writing in a blog post today:

“Pretty much anybody who knows how code works was prepared for this sort of revelation. Because becoming code fluent is about more than simply knowing enough javascript to get a job. It’s a way to become familiar with the operating system on which the human drama is playing itself out.

Moreover, the better you understand the programs and platforms you use – and the permanence of almost everything you do online – the better equipped you will be to choose what the data watchers know about you, and what they don’t.

May the digitally illiterate proceed at their own risk. Once again, you have been warned.”

Of course, it’s a smart message to make if you’re a company whose business it is to teach as many people to code as possible, like Codecademy is. But even so, it’s hard to argue against the idea that knowledge is power — especially when it comes to technology.